On January 19, 2022, President Biden signed National Security Memorandum 8 (NSM-8), titled “Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems.” The memorandum, published on the White House website, marked the first time a White House national security directive specifically mentioned quantum-resilient cryptography in the context of federal cybersecurity planning.
Among its provisions, NSM-8 directed the National Security Agency (NSA) to revise and release updated guidance on cryptographic equipment modernization within 60 days, including references to quantum resistant protocols and planning for use of quantum resistant cryptography. The Committee on National Security Systems (CNSS) was instructed to identify and prioritize all cryptographic-related policies for update within 90 days, with a six-month timeline for re-issuance.
A key provision required federal agencies operating national security systems to identify, within 180 days, any instances of encryption not in compliance with NSA-approved quantum resistant algorithms or the Commercial National Security Algorithm Suite (CNSA), and to report findings to the National Manager at a classification level not to exceed TOP SECRET//SI//NOFORN.
The memorandum also mandated that agencies shall not authorize new systems to operate that do not use approved encryption algorithms and implementations, absent a head-of-agency exception. NSM-8 applied to all national security systems operated by, or on behalf of, the federal government, including those used by the Department of Defense and the Intelligence Community.